Back to skill
Skillv1.0.0
VirusTotal security
Tavily + Zhipu Web Search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 9, 2026, 2:06 AM
- Hash
- cc5b9509564f7e1667a59866bad0da2b60feab90bc9281bb93e2a74b1736fbf1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tavily-zhipu-search Version: 1.0.0 The skill implements a web search tool using Tavily with a fallback to Zhipu AI. It is classified as suspicious because the script `scripts/search.py` programmatically accesses and parses the sensitive global configuration file `~/.openclaw/openclaw.json` to extract API keys. While this behavior is mentioned in `SKILL.md` as a convenience feature, accessing a central configuration file that may contain multiple credentials is a high-risk capability. The script communicates with legitimate search endpoints at api.tavily.com and open.bigmodel.cn and does not show evidence of intentional data exfiltration to unauthorized third parties.
- External report
- View on VirusTotal